Fix potential overflow in congestion controller fuzzer.

Bug: chromium:787753
Change-Id: I43d765379216db35f3df748b16599b34bffd388f
Reviewed-on: https://webrtc-review.googlesource.com/25480
Reviewed-by: Björn Terelius <terelius@webrtc.org>
Commit-Queue: Stefan Holmer <stefan@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20851}
Stefan Holmer 2017-11-23 10:36:11 +01:00 committed by Commit Bot
parent a4ecf5571e
commit d7e251378b


@ -27,8 +27,9 @@ void FuzzOneInput(const uint8_t* data, size_t size) {
header.ssrc = ByteReader<uint32_t>::ReadBigEndian(&data[i]);
i += sizeof(uint32_t);
header.extension.hasTransportSequenceNumber = true;
int64_t arrival_time_ms =
std::max<int64_t>(ByteReader<int64_t>::ReadBigEndian(&data[i]), 0);
int64_t arrival_time_ms = std::min<int64_t>(
std::max<int64_t>(ByteReader<int64_t>::ReadBigEndian(&data[i]), 0),
std::numeric_limits<int64_t>::max() / 2);
i += sizeof(int64_t);
const size_t kMinPacketSize =
sizeof(size_t) + sizeof(uint16_t) + sizeof(uint8_t);
@ -41,7 +42,7 @@ void FuzzOneInput(const uint8_t* data, size_t size) {
rbe->IncomingPacket(arrival_time_ms, payload_size, header);
clock.AdvanceTimeMilliseconds(5);
arrival_time_ms += ByteReader<uint8_t>::ReadBigEndian(&data[i]);
arrival_time_ms += sizeof(uint8_t);
i += sizeof(uint8_t);
}
rbe->Process();
}
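Review bot: The upper bound `std::numeric_limits<int64_t>::max() / 2` in the new `arrival_time_ms` initializer is unexplained, so a reader cannot tell why half the range was chosen. A comment such as `// Clamp to [0, INT64_MAX / 2] so the per-packet increments below cannot overflow the signed arrival time.` would tie the headroom to the `arrival_time_ms += ByteReader<uint8_t>::ReadBigEndian(&data[i]);` line in the loop, which adds at most 255 per iteration. No `#include <limits>` is visible in the change, so it is worth confirming the file includes it directly rather than through a transitive include. The loop header of FuzzOneInput lies outside the shown hunks, so the assumption that the iteration count is bounded by `size` should be checked against the full function.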